Solved

IIS 6 404.2 1260 error - Will not access files or directories with ".com" in the path name

Posted on 2013-01-04
27
1,648 Views
Last Modified: 2013-03-19
Hoping the community can help me out.   Have been tracking down an issue for 2 days and think I've narrowed it down to an IIS 404.2 1260 error but don't know how to fix.

First this used to work and has been working for 5+ years.   The issue started sometime in the last 30 days.   I've removed all MS updates over the last 45 days to see if that was the issue but the problem still exists.

This is on a W2K3 server with IIS 6.  In the web service extentions the following are allowed... ASP, ASP .NET v 1.1.4322, ASP .NET v2.0.50727, PHP.   All others listed are prohibited.

We have a client based application that posts and gets files from a webserver.   The clients have a unique identification account name.   The clients who used their email address as their account names are failing to get files.   They can post files with no issues.   Clients that don't have a ".com" in their account name are working fine for both post and get.

I enabled the ability to surf the directory structure via https based URLs.   Walking the directory structure gives the same results as the client based application.  Here are examples.  For the ones listed as working I am able to access the directory and view the test.log file within the directory.  

Works - https://mywebsite.com/bb/0/test@att-com/
Bad  - https://mywebsite.com/bb/0/test@att.com/
Works - https://mywebsite.com/bb/0/test@att.com_/
Works - https://mywebsite.com/bb/0/test@att.net/

For the one that is bad I get the following msg in the browswer..
       The page cannot be found
       The page you are looking for might have been removed, had its name changed, or is             temporarily unavailable.
--------------------------------------------------------------------------------

Within the IIS logs I get the following for the working test accounts..200 0 0....

2013-01-05 02:24:25 W3SVC2018762905 WCIWS-001 X.X.X.101 GET /bb/0/test@att-com/ - 443 - X.X.X.82 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+8.0; +Windows+NT+6.1;+WOW64;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C; +InfoPath.3;+.NET4.0E;+McAfee) __utma=13921579.1358780122.1345999780.1357314349.1357350449.12;+__utmz=13921579.1355368330.7.2.utmccn=(referral)|utmcsr=mysite.com|utmcct=/|utmcmd=referral;+__utmc=13921579 https://mysite.com/bb/0/ mysite.com 200 0 0 547 818 31

2013-01-05 02:24:31 W3SVC2018762905 WCIWS-001 X.X.X.101 GET /bb/0/test@att.com_/ - 443 - X.X.X.82 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+8.0;
+Windows+NT+6.1;+WOW64;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C; +InfoPath.3;+.NET4.0E;+McAfee) __utma=13921579.1358780122.1345999780.1357314349.1357350449.12;+__utmz=13921579.1355368330.7.2.utmccn= (referral)|utmcsr=mysite.com|utmcct=/|utmcmd=referral;+__utmc=13921579 https://mysite.com/bb/0/ mysite.com 200 0 0 550 819 15

2013-01-05 02:24:34 W3SVC2018762905 WCIWS-001 X.X.X.101 GET /bb/0/test@att.net/ - 443 - X.X.X.82 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows
+NT+6.1;+WOW64;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+InfoPath.3;+.NET4.0E;+McAfee) __utma=13921579.1358780122.1345999780.1357314349.1357350449.12;+__utmz=13921579.1355368330.7.2.utmccn=(referral)|utmcsr=mysite.com|utmcct=/|utmcmd=referral;+__utmc=13921579 https://mysite.com/bb/0/ mysite.com 200 0 0 547 818 31



For the bad test account I get this in the iis log...404 2 1260....

2013-01-05 02:24:28 W3SVC2018762905 WCIWS-001 X.X.X.101 GET /bb/0/test@att.com/ - 443 - X.X.X.82 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+8.0;
+Windows+NT+6.1;+WOW64;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+InfoPath.3;+.NET4.0E;+McAfee) __utma=13921579.1358780122.1345999780.1357314349.1357350449.12;+__utmz=13921579.1355368330.7.2.utmccn=(referral)|utmcsr=mysite.com|utmcct=/|utmcmd=referral;+__utmc=13921579 https://mysite.com/bb/0/ mysite.com 404 2 1260 1795 818 0


For a production client that fails I get the same error in the iislog.....404 2 1260....

2013-01-05 02:00:40 W3SVC2018762905 WCIWS-001 X.X.X.101 GET /bb/22/20121206220628-inc57-XXXXX@gmail.com/20121206220628-inc57-XXXXX@gmail.com.bum - 443 - X.X.X.82 HTTP/1.1 buddy+Client/2.00.0412 - - mysite.com 404 2 1260 1795 228 0


I've tried to add .com as a new web svc extension and link it to the v2.0.50727/aspnet_isapi.dll but it tells me that already exists.   Adding .com as a new mime type of text/text has no impact.

Help.   I need some ideas for how to get this working again.  

Thanks  in advance for any support!!!
0
Comment
Question by:jondrejik
  • 11
  • 11
  • 3
  • +1
27 Comments
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
Do you have anti-virus on the server?  I ask because it might think that '.com' is an attempt to do a redirect.  And that might have happened during an anti-virus update.

Also does it work on the server itself?
0
 

Author Comment

by:jondrejik
Comment Utility
Yes all the files can be accessed directly via windows explorer on the server and from another PC over the network.

There is currently no anti-virus on the server
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
Comment Utility
These are identical!

Works - https://mywebsite.com/bb/0/test@att-com/
Bad     - https://mywebsite.com/bb/0/test@att.com/

Open in new window


xxx/bb/0/test@att.com is exactly the same...

does
/bb/22/20121206220628-inc57-XXXXX@gmail.com/20121206220628-inc57-XXXXX@gmail.com.bum

Open in new window

exist?
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
I meant does that form of the URL with '.com' work internally in a browser at all.  We've had some questions where a content filtering or external firewall device got updated and blocked things that weren't expected.
0
 

Author Comment

by:jondrejik
Comment Utility
ve3ofa..

The first two are not identical.   Slight difference is att-com .vs. att.com.   The att-com url works but the att.com url fails.

Yes the file exists in your second question.   I can look at it via explorer.


Dave -  No the '.com' version does not work from a browser on the server and neither does one of the working test accounts...interesting   Can't access either from a browser on the server.   I am testing from a remote client PC and that can access all but the .com based accounts.

How do you check content filtering on the server?   There are no external devices filtering.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
IE occasionally does some funny things to URLs.  Can you use an alternate browser on the server to check the URL?
0
 

Author Comment

by:jondrejik
Comment Utility
If run from a browser on the server.....

IE gives me - IE cannot disply the webpage

Firefox gives me - You are not authorized to view this page


From a PC accessing the website IE works except for the accounts with .com in their name


Would upgrading to .net 4 make any difference?
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
I doubt it.  You need to use a network monitor like Wireshark to see what is actually being requested and responded.  It's starting to sound like a problem with the server's response but you need to verify what being requested to make sure.

Can you create a different sub-directory with plain index.html that uses the same URL pattern but won't go thru your ASP.NET code?  The purpose is to detect whether it is a server or code problem.
0
 

Author Comment

by:jondrejik
Comment Utility
I created two test directories on each side of the webserver (http & https).   These test directories are on the server in the top level wwwroot directory.


Results.

Works = http://192.168.1.101/test/
Works = http://192.168.1.101/test/test@att-com/
Works = http://192.168.1.101/test/test@att.com/

Works = https://192.168.1.101/test/
Works = https://192.168.1.101/test/test@att-com/
Bad = https://192.168.1.101/test/test@att.com/


This shows a similar behavior where the customers posting with ".com" in their account names fails.   In previous posts I had not checked the simple test on the non-secure side of the site.   Based on these tests it looks like the secure side is having the issue.

I loaded WireShark but don't know enough yet to see if it is showing the error of the https traffice in the logs.   Will it show https errors or not?
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
You have to tell Wireshark to show HTTPS info, it doesn't do it by default.  It is probably a pain.  http://wiki.wireshark.org/SSL

What error message do you get besides 404?
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
0
 

Author Comment

by:jondrejik
Comment Utility
Already went thru that MS site.   This is likely what is happening but I can't figure out how to make ".com" part of the authorized ISAPI.   When I tried to add it as a mime type I got an error msg when I tried to save saying .com was already and authorized type.

Looking into wireshark

Thanks
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
You shouldn't be adding it as a MIME type, it's just part of the URL, not a file or file type of it's own.  Do you have redirect code working on that server?  Just one more place that it could be misidentified.

Also, have you tried a URL other than 'att.com'?  Like http://192.168.1.101/test/test@google.com/
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 

Author Comment

by:jondrejik
Comment Utility
No redirects.

the google test has the same results.   Does not work on the secure side.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
Do you get the exact same results in the log for these new errors?
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
I tried the experiment on an IIS 7.0 server and it worked fine with both HTTP and HTTPS.  I don't have access to an IIS6 server with HTTPS that I can try.
0
 

Author Comment

by:jondrejik
Comment Utility
Yes same info in the logs  404 2 1260

Is there a way to reinstall a webserver on the same server and keep all the key settings?

Is there a way to export the settings so I could build a new one from scratch and then import the settings?
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
I don't know the answers to those questions.  I would not reinstall over your current web server since it is basically working except for this one thing.  I did read that you could import the 'metabase' from IIS6 but I don't know if that is everything.

Since apparently everything else works, you would be better off at this time to require the users to use something other than a decimal point in the directory / user names.
0
 

Author Comment

by:jondrejik
Comment Utility
I recreated a new VM and redid the webserver from scratch.  I then ported over the settings screen by screen.   Net result is some improvement.  

Works - http://192.168.1.104/test/test@att.com/ - Same as WS001
Works - https://192.168.1.104/test/test@att.com/  - Does not work on WS001
Bad - https://192.168.1.104/bb/0/test@att.com/ - Same as 001
Works - http://192.168.1.104/bbr/9/xxx-inc2754-x@x.com/ - Does not work on 001

The .com based accounts work on the local servers hard drive on both http and https.   This improves over the production WS001 since these did not work on https.

On the production NAS box attached to the webserver where the files are stored it did not work on the https side of the webserver so that was consistent with the production webserver.

If I could get the https gets working all would be well.   The https posts work just fine to the same directories.   This is what I can't understand... why do posts work but gets don't for the .com based accounts.

Any thoughts?
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
I don't know at this point.  Click on "Request Attention" above and get some others to look at this.
0
 
LVL 26

Expert Comment

by:mrcoffee365
Comment Utility
I don't have a setup like this one, but one thing which you haven't mentioned:
In IIS (and other servers) https goes to a single container.  There's only 1 listener for the https requests.  It has the 1 certificate you have for the server.

IIS does not care what the domain is with the request.  If you have 2 domains
http://www.a.com
http://www.b.com

but your cert is for www.a.com, then even if the url is for b.com:
https://www.b.com
IIS will answer from the a.com listener, because that's what is listening on 443.

So, if your att.com urls work on b.com, but not on a.com, you'll get weird errors for a 443 (https) request even if you think you have said b.com .
0
 

Author Comment

by:jondrejik
Comment Utility
Only one server and it has port 80 and 443 open.  This server has the only certificat for the domain.

What fails are https gets to any account that has ".com" in the account name.  The accounts fail regardless of if they are stored on the drive in the server or on the NAS box.   This has been working for 5 years but stopped working after Oct 29th as that is the last successful set of transactions.  

All other accounts without ".com" in the account name remain fully fuctional.

I am clueless on the issue or how to resolve  at this point.
0
 
LVL 26

Expert Comment

by:mrcoffee365
Comment Utility
I understand that you have 1 server.  What I wondered was if you had 2 domain names identified in IIS.  Perhaps you don't -- it was just a thought.

I googled your error message, and the following discussion sounds like a possible workaround:
http://social.technet.microsoft.com/Forums/en-US/configmgrsetup/thread/2cee3b82-9335-4a25-8f0f-747cca29c3da/

You change your configuration to allow the ccmisapi.dll ?  The discussion is about IIS7, but sometimes Windows OS updates include changes which affect IIS in all its versions.

In any case, it sounds as if a rule changed for your IIS which is no longer allowing a url rewrite you have for the user login as part of the url.
0
 

Author Comment

by:jondrejik
Comment Utility
I tried to make this change but no luck.   IIS6 doesn't have the config file so no way to edit it.  I searched the server several times for something similar but no luck.  

In looking at the inetsrv directory the last file updated was 6/28/2010 other than the MetaBase.xml which was updated today.

The error from my webserver log looks like this for an active account...

2013-01-08 05:06:40 W3SVC2018762905 WCIWS-001 192.168.2.101 GET /bb/0/20130101004135-inc59-xxxx@gmail.com/20130101004135-inc59-xxxx@gmail.com.bum - 443 - 207-255-13-124-dhcp.jst.pa.atlanticbb.net HTTP/1.1 buddy+Client/2.00.0403 - - www.mysite.com 404 2 1260 1795 227 0


Agree something changed after Oct 29 that is preventing Get only on accounts with ".com".

Other thoughts or recommendations?



In reading the link there is also a discusion about remove / reinstalling "DP".   What is DP?
0
 

Author Comment

by:jondrejik
Comment Utility
Is there an update?   Anyone have any ideas?
0
 
LVL 26

Accepted Solution

by:
mrcoffee365 earned 500 total points
Comment Utility
We've answered as far as we can with the information you have posted.  You could do more investigation and post more information, or you could follow the leads we have given you.

You're the only person with all of the IIS configuration rules in front of you, you're the one with the url rewrite rules, you're the person with the application code which reads the user email as the parameter from the url.  You're also the person with the list of updates which have been made to your server over the past few months.

It sounds as if you were hoping that someone would be able to give you a quick answer.  No one here has seen what you're seeing.  There aren't a ton of IIS administrators on EE, so you might try an actual IIS or ASP.Net forum to see if someone there has run into this same update from Microsoft.
0

Featured Post

Are your corporate email signatures appalling?

Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

Join & Write a Comment

Have you tried to learn about Unicode, UTF-8, and multibyte text encoding and all the articles are just too "academic" or too technical? This article aims to make the whole topic easy for just about anyone to understand.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
HTML5 has deprecated a few of the older ways of showing media as well as offering up a new way to create games and animations. Audio, video, and canvas are just a few of the adjustments made between XHTML and HTML5. As we learned in our last micr…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now